package com.ruoyi.framework.security.config;
 
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;

import static com.ruoyi.framework.security.config.MyThreadLocal.checkPwdThreadLocal;

/**
 * @author Jerry
 * @date 2024-01-26 18:15
 * 自定义密码验证
 */
public class MyAuthenticationProvider extends DaoAuthenticationProvider {


    private PasswordEncoder passwordEncoder;

    /**
     * 构造初始化
     * @param userDetailsService
     * @param passwordEncoder
     */
    public MyAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
        super();
        // 这个地方一定要对userDetailsService赋值，不然userDetailsService是null (这个坑有点深)
        setUserDetailsService(userDetailsService);
        //passwordEncoder由于父类是private，这里需要自定义初始化后才能使用
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * 重写该方法
     * @param userDetails
     * @param authentication
     * @throws AuthenticationException
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        if (authentication.getCredentials() == null) {
            this.logger.debug("Failed to authenticate since no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        } else {
            // 线程变量
            Boolean checkPwd = checkPwdThreadLocal.get();
            checkPwdThreadLocal.remove();
            checkPwd = checkPwd == null || checkPwd;
            // 如果不需要密码直接跳过
            if (!checkPwd) {
                return;
            }
            String presentedPassword = authentication.getCredentials().toString();
            if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
                this.logger.debug("Authentication failed: password does not match stored value");
                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
            }
 
        }
    }

}